Cloud Operations + Innovation (CO+I) is the engine that powers Microsoft’s cloud platforms and services that millions of people use every day.
With more than 95% of Fortune 500 business on Azure, 180 million using Office 365, and millions using other services all running on Microsoft's cloud infrastructure CO+I designs, builds and operates the foundation upon which Microsoft’s mission to empower every person and organization comes to life.
The CO&I Physical Security team is organized within CO+I and falls under its Core Operations Functions (COF) team. The CO+I Physical Security team is dedicated to delivering the most trustworthy and efficient physical security services to protect the personnel, infrastructure, data, and confidential information foundational to the Microsoft Cloud.
Our vision is to be the most reliable, rigorous, and trusted industry provider of hyperscale cloud physical security.
The Role : We are seeking a mission-driven security leader to be accountable for physical security operations at our datacenters.
The position will be supported by a vendor team who supports Microsoft security operations across the globe. The successful candidate will be responsible for communications regarding security events and programs, contribute to the development of Site Specific Post Orders (SSPOs), coordination with regional security program resources, ITIM Program Manager, Datacenter Construction Project Manager, (Evaluation / Assessment, Design and Project / Program Managers) and regional leadership as well as partner with our security services vendors to ensure protection of critical information, personnel and facilities.
As the sole area-based COF representative, this position will also facilitate EGRC (Enterprise Governance Risk and Compliance) initiatives to include assurance reviews and audits.
In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day.
The selected candidate will manage formal and ad-hoc teams of Microsoft and Supplier partners to deliver and continuously improve security operations at Microsoft datacenters.
Responsibilities include, but are not limited to the following :
Oversee the implementation of physical security policies and procedures, ensuring Microsoft’s physical security vendor has the resources and information to deliver physical security services that exceed Microsoft and customer requirements to protect people, information and critical infrastructure
Partner with datacenter operations, security systems and other Microsoft stakeholders to ensure secure and continuous operations while maintaining a One Team, One Microsoft environment
Continuously improve the efficiency and maturity of the overall physical security program at Microsoft datacenters, seeking data and recommending strategies and ideas to reduce churn, optimize resources, implement creative solutions to problems, scale, automate and simplify process whenever possible
Demonstrate and promote a Microsoft culture within the workplace that supports the ability to attract, develop and retain talent;
deliver results through teamwork; role model our Microsoft values with a passion for diversity and inclusion
Partner with vendor guard force management at area to drive a training objective of providing enhanced industry leading and certified’ dedicated Datacenter Security Protection Professionals (ex : Corporate / ASIS / DCPRO certifications)
Function as a physical security subject matter expert who can operate on their own and represent the overall (multi-disciplinary) regional physical security team
Partner and collaborate closely with regional peer leaders and stakeholders, focused on maintaining a One Team, One Microsoft environment
As the Area COF representative, ensure the operations team and all related security vendors successfully represent Microsoft during internal, external and customer audits for all COF teams (EH&S, EGRC, etc)
Provide a holistic security program (end-to-end) approach to oversight, providing integrated support to regional evaluation, design, project management and operational leadership resources from conception to decommissioning
Facilitate and support field site visits to assess the state and health of physical security, safety, and other COF teams;
collaborate with peer colleagues at other datacenters to review, assess and share best practices; document issues identified during those visits requiring improvement;
and follow through on recommendations / actions to resolution
Receive escalations / notifications of physical security and business impacting events and appropriately triage, ensure that regional leadership is kept informed through regular communication as appropriate and that the necessary personnel for managing an incident respond effectively
Direct, in-person SME engagement with security integrators supporting the physical security system maintenance and trouble shooting
Insider Threat :
Provide localized expertise to recognize key indicators of an insider threat
facilitate analysis with regional and program-level resources of the local environment to identify specific threat profiles and actors
Provides an independent (human) two-factor authentication and authorization for all activity on site (Factor 1 Datacenter Management Factor 2 DSOM)
Promote an environment of awareness and continuous learning to mitigate insider threat, promoting empowerment of the work force to be force multipliers in an all’ organisation holistic mitigation strategy
Focus policies, procedures and training to continually enhance Microsoft’s prevention, deterrence, and advanced detection capability to create a program differentiator from our competitors
Demonstrated capability to :
Oversee deliver of physical security services to Microsoft data center security operations, including oversight of contract guard operations, alarm investigation and incident reporting and coordination with regional security disciplinary specialists on projects, expansions and other security-related efforts
Evaluate and drive continuous improvement of contract guard operations through the use of key performance indicators and collaborative improvement plans
Close coordination with security vendor management to ensure continuous improvement of security team skills through targeted training, practical exercises and the documentation and application of lessons-learned
Coordination with local emergency services in an effort to develop, maintain and practice / test cross-functional emergency response procedures for the datacenters
Assess and communicate risk and mitigation strategies to non-security audiences, supporting operational needs and maintaining security compliance
Travel not expected to exceed 25% of the time
Bachelor’s degree in a security or management related discipline, or equivalent experience
5+ years of experience applicable to target role / level, including 3+ years managing people
Preferred Qualifications :
Working knowledge of facility security systems to include alarms, locks, and management of access control personnel
Experience developing and documenting standard operating plans, procedures and processes
Experience with or exposure to regulatory and industry compliance frameworks and audits
Confident and skilled in preparing and delivering presentations and briefings to customers, stakeholders and senior leaders
Experience making and influencing good decisions that impact a mission-critical, 24x7 operations environment
Strong work and compliance ethic with the ability to effectively prioritize and execute tasks
Analytical and process improvement skills to produce data driven insights and associated process change
Ability to change plans, goals, actions and priorities in response to an evolving business environment with awareness to operate as a champion for course corrections when necessary
Proficient in the use of Microsoft Office products for business
Thought leader and subject matter expert capable of delivering one or more large programs and services simultaneously while increasing standardization, simplification and automation
Ability to meet Microsoft, customer and / or government security screening requirements are required for this role. These requirements include, but are not limited to, the following specialized security screenings : Microsoft Cloud Background Check : This position will be required to pass the Microsoft Cloud background check upon hire / transfer and every two years thereafter.